Annex 4 to DPA

Name

Purpose

Collected Data

Contains Student Data?

Amazon Web Services

Infrastructure and functionality for WeVideo. App server, file storage, database, delivery and more.

Name, email address, device metadata (ip address), user generated content

Hubspot

CRM & Email campaigns (including incident response)

Name, email address, marketing related usage tracking.

No, students are opted out.

Mixpanel

Analytics

Email address (if not student), user activity within application (features used, etc)

No, anonymized data.

Zendesk

Customer Support

Email address, and anything the user opts into

No, unless student opts in.

Google Analytics

Analytics

Device metadata (ip address)

No

Google Tag Manager (facebook, bing, linkedin, pinterest, twitter, yandex, disqus, addthis, doubleclick.net)

Managing cookies

Device metadata (ip address)

No

Datadog

Cloud Monitoring

Name, email address, device metadata (ip address), user generated content

PayPal

Handling self service (non purchase order) subscriptions.

PCI compliant data for processing payment and managing subscription (email address, payment info)

No (unless user signs up for non EDU personal plan)

Stripe

Handling self service (non purchase order) subscriptions. Credit card payments for POs.

PCI compliant data for processing payment and managing subscription (email address, payment info)

No (unless user signs up for non EDU personal plan)

Baremetrics

Payment analysis, expired card notification

Email address

No (unless user signs up for non EDU personal plan)

Salesforce

CRM software

Information on leads, quotes

No

TrackJS

Error tracking

Error logs (anonymized)

No

sentry.io

Error tracking

Error logs (anonymized)

No

Google Play Store

Handling self service (non purchase order) Android subscriptions.

PCI compliant data for processing payment and managing subscription (email address, payment info)

No (unless user signs up for non EDU personal plan)

Apple App store

Handling self service (non purchase order) iOS subscriptions.

PCI compliant data for processing payment and managing subscription

No (unless user signs up for non EDU personal plan)

Storyblocks

Stock media library

Media usage

No

Power BI (microsoft azure)

data visualization

transactional history, name, email, address

No

Name

Purpose

Collected Data

Google Workplace (Alphabet)

Enterprise solution (email, etc)

Potentially PII is stored here from email communication or perhaps forms/documents in Drive

Atlassian

Development and issue tracker

Generally userid’s are used here instead of PII, but there are cases where it is relevant and could be exposed in a breach.

Slack

Company communication

Potentially PII is stored here from chat communication.

Github

Code hosting platform for version control and collaboration

Very unlikely there is any PII here but it’s good to mention.

Tableu

Data visualization and data analytics tool

BI

Intacct

Accounting software

Invoice information, accounts receivable/payable contact (email address)

Groove

Salesforce email add on that holds customer and lead information

PII like names, emails etc

Name

Purpose

Collected Data

Contains Student Data?

Amazon Web Services

Infrastructure and functionality for WeVideo. App server, file storage, database, delivery and more.

Name, email address, device metadata (ip address), user generated content

Hubspot

Email notifications (including incident response)

Name, email address

No, students are opted out.

Zendesk

Customer Support

Email address, and anything the user opts into

No, unless student opts in.

Mixpanel

Analytics

Usage

No, depending on definition.